Export limit exceeded: 80233 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (80233 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-30014 | 1 Simple Food Website Project | 1 Simple Food Website | 2024-11-21 | 8.8 High |
| Lumidek Associates Simple Food Website 1.0 is vulnerable to Cross Site Request Forgery (CSRF) which allows anyone to takeover admin/moderater account. | ||||
| CVE-2022-30012 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 7.5 High |
| In the POST request of the appointment.php page of HMS v.0, there are SQL injection vulnerabilities in multiple parameters, and database information can be obtained through injection. | ||||
| CVE-2022-30007 | 1 Gxcms Project | 1 Gxcms | 2024-11-21 | 7.2 High |
| GXCMS V1.5 has a file upload vulnerability in the background. The vulnerability is the template management page. You can edit any template content and then rename to PHP suffix file, after calling PHP file can control the server. | ||||
| CVE-2022-2997 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 8.0 High |
| Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10. | ||||
| CVE-2022-2996 | 3 Debian, Python-scciclient Project, Redhat | 5 Debian Linux, Python-scciclient, Openshift and 2 more | 2024-11-21 | 7.4 High |
| A flaw was found in the python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. This issue opens up the connection to possible Man-in-the-middle (MITM) attacks. | ||||
| CVE-2022-2990 | 2 Buildah Project, Redhat | 4 Buildah, Enterprise Linux, Openshift and 1 more | 2024-11-21 | 7.1 High |
| An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container. | ||||
| CVE-2022-2986 | 1 Moodle | 1 Moodle | 2024-11-21 | 8.8 High |
| Enabling and disabling installed H5P libraries did not include the necessary token to prevent a CSRF risk. | ||||
| CVE-2022-2982 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-11-21 | 7.8 High |
| Use After Free in GitHub repository vim/vim prior to 9.0.0260. | ||||
| CVE-2022-2978 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-11-21 | 7.8 High |
| A flaw use after free in the Linux kernel NILFS file system was found in the way user triggers function security_inode_alloc to fail with following call to function nilfs_mdt_destroy. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. | ||||
| CVE-2022-2977 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.8 High |
| A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-free and create a situation where it may be possible to escalate privileges on the system. | ||||
| CVE-2022-2975 | 1 Avaya | 1 Aura Application Enablement Services | 2024-11-21 | 7.7 High |
| A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbitrary code as the root user. This issue affects Application Enablement Services versions 8.0.0.0 through 8.1.3.4 and 10.1.0.0 through 10.1.0.1. Versions prior to 8.0.0.0 are end of manufacturing support and were not evaluated. | ||||
| CVE-2022-2964 | 3 Linux, Netapp, Redhat | 18 Linux Kernel, H300s, H300s Firmware and 15 more | 2024-11-21 | 7.8 High |
| A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes. | ||||
| CVE-2022-2961 | 3 Fedoraproject, Linux, Netapp | 12 Fedora, Linux Kernel, H300s and 9 more | 2024-11-21 | 7.0 High |
| A use-after-free flaw was found in the Linux kernel’s PLP Rose functionality in the way a user triggers a race condition by calling bind while simultaneously triggering the rose_bind() function. This flaw allows a local user to crash or potentially escalate their privileges on the system. | ||||
| CVE-2022-2959 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Eus | 2024-11-21 | 7.0 High |
| A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring(). The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the system or escalate their privileges on the system. | ||||
| CVE-2022-2958 | 1 Badgeos | 1 Badgos | 2024-11-21 | 8.8 High |
| The BadgeOS WordPress plugin before 3.7.1.3 does not sanitise and escape parameters before using them in SQL statements via AJAX actions available to any authenticated users, leading to SQL Injections | ||||
| CVE-2022-2946 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2024-11-21 | 7.8 High |
| Use After Free in GitHub repository vim/vim prior to 9.0.0246. | ||||
| CVE-2022-2938 | 4 Fedoraproject, Linux, Netapp and 1 more | 15 Fedora, Linux Kernel, H300s and 12 more | 2024-11-21 | 7.8 High |
| A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects. | ||||
| CVE-2022-2930 | 1 Octoprint | 1 Octoprint | 2024-11-21 | 7.8 High |
| Unverified Password Change in GitHub repository octoprint/octoprint prior to 1.8.3. | ||||
| CVE-2022-2921 | 1 Notrinos | 1 Notrinoserp | 2024-11-21 | 8.8 High |
| Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository notrinos/notrinoserp prior to v0.7. This results in privilege escalation to a system administrator account. An attacker can gain access to protected functionality such as create/update companies, install/update languages, install/activate extensions, install/activate themes and other permissive actions. | ||||
| CVE-2022-2915 | 1 Sonicwall | 10 Sma 200, Sma 200 Firmware, Sma 210 and 7 more | 2024-11-21 | 8.8 High |
| A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service (DoS) on the appliance or potentially lead to code execution. This vulnerability impacts 10.2.1.5-34sv and earlier versions. | ||||